"Researchers said they've uncovered a security vulnerability that could allow attackers to take full control of smartphones running Google's Android mobile operating system." So, how bad is this? Can anybody with knowledge of Android's inner workings explain?

First of all, this is a risk for people installing applications that appear to be from reputable developers but from sketchy app stores. Most in the EU/USA who stick to installing apps from google play are not really in danger of it.

This is a vulnerability in how applications are signed, I think. So a person installing an app could be fooled at a deeper level than before. However, there are already malicious clones of apps out there that fool people that don't make use of this vulnerability. Like the recent Jay-Z app.